components/policy/proto/device_management_backend.proto - Issue 143183007: Update policy signature verification to include policy domain.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/policy/proto/device_management_backend.proto

Issue 143183007: Update policy signature verification to include policy domain. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fixed style error. Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« components/policy/core/common/cloud/cloud_policy_validator.cc ('K') | « components/policy/core/common/cloud/user_cloud_policy_store.cc ('k') | google_apis/gaia/gaia_auth_util.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/policy/proto/device_management_backend.proto

diff --git a/components/policy/proto/device_management_backend.proto b/components/policy/proto/device_management_backend.proto

index 2908a7998f41e6d8ec10e8140d7386a203d50406..723323459514c7bc99c01715a231a14737ff916b 100644

--- a/components/policy/proto/device_management_backend.proto

+++ b/components/policy/proto/device_management_backend.proto

@@ -297,13 +297,13 @@ message PolicyFetchResponse {

optional bytes new_public_key_signature = 6;

// If new_public_key is specified, this field contains a signature

- // of that key, signed using a key only available to DMServer.

- // The public key portion of this well-known key is embedded into the

- // Chrome binary. The hash of that embedded key is passed to DMServer

- // as verification_key_hash field in PolicyFetchRequest. DMServer will

- // pick a private key on the server which matches the hash (matches public

- // key on the client). If DMServer is unable to find matching key, it will

- // return an error instead of policy data.

+ // of a PolicyPublicKeyAndDomain protobuf, signed using a key only

+ // available to DMServer. The public key portion of this well-known key is

+ // embedded into the Chrome binary. The hash of that embedded key is passed

+ // to DMServer as verification_key_hash field in PolicyFetchRequest. DMServer

+ // will pick a private key on the server which matches the hash (matches

+ // public key on the client). If DMServer is unable to find matching key, it

+ // will return an error instead of policy data.

// In case hash was not specified, DMServer will leave verification signature

// field empty (legacy behavior).

// In addition to the checks between new_public_key

@@ -313,6 +313,17 @@ message PolicyFetchResponse {

optional bytes new_public_key_verification_signature = 7;

}

+// Protobuf used to generate the new_public_key_verification_signature field.

+message PolicyPublicKeyAndDomain {

+ // The public key to sign (taken from the |new_public_key| field in

+ // PolicyFetchResponse).

+ optional bytes new_public_key = 1;

+ // The domain associated with this key (should match the domain portion of

+ // the username field of the policy).

+ optional string domain = 2;

// Request from device to server for reading policies.

message DevicePolicyRequest {

// The policy fetch request. If this field exists, the request must